CWE-1023 (Incomplete Comparison with Missing Factors) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-53839 | 2026-06-12 | OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting… |
| CVE-2026-7473 | 2026-06-05 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is p… |
| CVE-2026-48587 | 2026-06-03 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header val… |
| CVE-2026-4748 | 2026-04-01 | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicat… |
| CVE-2026-4599 | 2026-03-23 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functio… |
| CVE-2025-62000 | 2025-12-18 | BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attack… |
| CVE-2025-55333 | 2025-10-14 | Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-46722 | 2025-05-29 | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a secur… |
| CVE-2024-5528 | 2025-02-05 | An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab… |
| CVE-2021-23146 | 2021-11-18 | An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior … |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Description, Relationships, Type |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Common_Consequences, Description |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Detection_Factors, Potential_Mitigations |